DUBLIN (Reuters) – Yahoo’s European regulator has ordered it to make privateness adjustments following a probe into what it mentioned was one of many largest ever information breaches to influence EU residents.

Yahoo, most of whose belongings have been acquired by Verizon Communications Inc (VZ.N), mentioned in 2016 that at the very least 500 million of its accounts had been hacked two years earlier by cyber thieves who could have stolen names, e mail addresses, phone numbers, dates of delivery and encrypted passwords.

Eire’s Knowledge Safety Commissioner (DPC), the lead European regulator on privateness points for Yahoo as a result of the corporate’s European headquarters are in Dublin, mentioned on Thursday that Yahoo’s information processing operations didn’t meet the requirements required by EU legislation.

The breach affected round 39 million European customers and was the most important the DPC has each investigated, it mentioned.

It ordered the web firm to take specified actions, together with guaranteeing that each one its information safety insurance policies take account of the relevant information safety legislation, and are reviewed and up to date at outlined common intervals.

It additionally should replace its information processing contracts and procedures related to such contracts to adjust to information safety legislation.

The DPC, which additionally regulates different on-line giants equivalent to Fb (FB.O) and Apple (AAPL.O), was not capable of fantastic the corporate for the breach. Underneath a brand new EU-wide information safety legislation that got here into power final month, it could actually difficulty fines of as much as 20 million euros or four p.c of an organization’s world turnover.